<%@CODEPAGE="65001"%>
<!--#include file="../Include/conn.asp" -->
<!--#include file="../Include/config.asp" -->
<!--#include file="../Include/seeion.asp" -->
<%
' A request with no query string at all is sent to the default member view.
if Request.ServerVariables("QUERY_STRING")="" then
	response.Redirect "?action=admin"
end if

' usurl holds the breadcrumb link for the current view.
' It stays unset when action matches none of the known views.
action=request.querystring("action")
select case action
	case "admin"
		usurl="<a href=""?action=admin"">会员首页</a>"
	case "Edit"
		usurl="<a href=""?action=Edit"">我的资料</a>"
	case "orders"
		usurl="<a href=""?action=orders"">我的订单</a>"
	case "Sorders"
		usurl="<a href=""?action=Sorders"">订单详情</a>"
	case "Gcar"
		usurl="<a href=""?action=Gcar"">我的购物车</a>"
	case "password"
		usurl="<a href=""?action=password"">修改密码</a>"
end select

' echo, ob_get_contents and zych_templatedir are defined outside this file
' (presumably in the includes); this emits the member-centre template
' before any of the form handlers below run.
echo ob_get_contents(zych_templatedir&"u_index.asp")

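' Delete one order when the request carries del=ok.
'
' The id comes straight from the query string, so it is restricted to plain
' decimal digits and converted with CLng before it is placed in the SQL text.
' The order is deleted only if its userid column matches the logged-in
' session user (orders are stored with userid = session("username") by the
' order-creation handler in this page).
'
' NOTE(review): this is a state-changing action reachable with a GET request
' and no anti-forgery token is visible in this file; consider requiring POST
' plus a per-session token.
if request("del")="ok" then
	set idCheck=new RegExp
	idCheck.Pattern="^\d{1,9}$"   ' at most 9 digits, so CLng cannot overflow
	id=Trim(Request.QueryString("id"))
	if not idCheck.Test(id) then
		Response.Write "<script>alert('参数错误！');history.go(-1);</script>"
		Response.End()
	end if

	set rs=server.createobject("adodb.recordset")
	sql="select * from orders where id="&CLng(id)
	rs.open sql,conn,2,3

	' An unknown id previously raised a runtime error on rs.delete.
	if rs.eof and rs.bof then
		rs.close
		set rs=nothing
		Response.Write "<script>alert('参数不正确，ID值不存在！');history.go(-1);</script>"
		Response.End()
	end if

	' Ownership check: refuse when nobody is logged in or the order belongs
	' to a different account.
	orderOwner=rs("userid")&""
	currentUser=session("username")&""
	if currentUser="" or orderOwner<>currentUser then
		rs.close
		set rs=nothing
		Response.Write "<script>alert('参数错误！');history.go(-1);</script>"
		Response.End()
	end if

	rs.delete
	rs.update
	rs.close
	set rs=nothing

	' The action value is URL-encoded because it is echoed into a quoted
	' JavaScript string; unencoded, a quote in it would break out of the string.
	Response.Write "<script>alert('当前订单删除成功！');window.location.href='?action="&Server.URLEncode(request.querystring("action"))&"';</script>"
end if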

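' Update the profile fields of one [user] row when xiugai=info is posted.
'
' NOTE(review): the target id is taken from the submitted form and is not
' compared with the logged-in session in this block. Unless an include
' enforces it, a caller can edit another account's record by changing id.
' Confirm, and bind the row to the session user if it is not enforced.
' NOTE(review): the text fields are stored exactly as submitted; they need to
' be HTML-encoded wherever they are displayed.
if request("xiugai")="info" then
	id=Trim(request.form("id"))
	zsname=request.form("zsname")
	sex=request.form("sex")
	gsname=request.form("gsname")
	gsadd=request.form("gsadd")
	youbian=request.form("youbian")
	tel=request.form("tel")
	' qq must be numeric (checked below), so no quote can survive validation;
	' the value is written through the recordset, not through SQL text.
	qq=Trim(Request.Form("qq"))
	mail=request.form("mail")
	wz=request.form("wz")

	' IsNumeric also accepts forms such as "1e5" or "&H10"; only plain decimal
	' digits are allowed here because the value is concatenated into SQL.
	set idCheck=new RegExp
	idCheck.Pattern="^\d{1,9}$"   ' at most 9 digits, so CLng cannot overflow
	if not idCheck.Test(id) then
		Response.Write "<script>alert('参数错误！');history.go(-1);</script>" 
		Response.End()
	end if
	if not isnumeric(qq) then
		Response.Write "<script>alert('QQ号只能为数字！');history.go(-1);</script>" 
		Response.End()
	end if

	set rs=server.createobject("adodb.recordset")
	SQL="Select * from [user] where id="&CLng(id)
	rs.open SQL,conn,1,3
	if rs.eof and rs.bof then
		rs.close
		set rs=nothing
		Response.Write "<script>alert('参数不正确，ID值不存在！');history.go(-1);</script>" 
		Response.End()
	end if

	' Field assignment through the recordset keeps the values out of the SQL string.
	rs("zsname")=zsname
	rs("sex")=sex
	rs("gsname")=gsname
	rs("gsadd")=gsadd
	rs("youbian")=youbian
	rs("tel")=tel
	rs("qq")=qq
	rs("mail")=mail
	rs("wz")=wz
	rs.update 
	rs.close 
	set rs=nothing
	response.write "<script>alert('资料更新成功！');window.location.href='?action=admin';</script>" 
end if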
 
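' Change the password of one [user] row when xiugai=pass is submitted.
'
' NOTE(review): id is read from the request and is not compared with the
' logged-in session here, and the current password is not asked for. Unless
' an include enforces ownership, a caller can reset another account's
' password by changing id. Confirm and bind the update to the session user.
' NOTE(review): the character and length checks run on the trimmed,
' lower-cased value, but the stored digest is computed from the raw form
' value. Confirm which form the login code hashes.
' NOTE(review): md5 is a helper defined outside this file and is called with
' the password only; a plain MD5 digest is weak for password storage.
' Moving to a salted, slow hash needs a matching change in the login code.
if request("xiugai")="pass" then
	dim u,i,letters,id,userpassword,userpassword2
	id=Trim(request("id"))
	userpassword=request.form("userpassword")
	userpassword2=request.form("userpassword2")

	' IsNumeric also accepts forms such as "1e5" or "&H10"; only plain decimal
	' digits are allowed here because the value is concatenated into SQL.
	set idCheck=new RegExp
	idCheck.Pattern="^\d{1,9}$"   ' at most 9 digits, so CLng cannot overflow
	if not idCheck.Test(id) then
		Response.Write "<script>alert('参数错误！');history.go(-1);</script>" 
		Response.End()
	end if
	if userpassword="" or userpassword2="" then
		response.write "<script>alert('密码不能为空!!');history.go(-1);</script>"  
		response.end 
	end if
	if userpassword<>userpassword2 then 
		response.write "<script>alert('两次密码输入不一致,请重新输入!');history.go(-1);</script>"  
		response.end 
	end if

	' Allowed characters: digits and ASCII letters (case-insensitive).
	' The message below mentions underscore, but "_" is not in the allowed set.
	letters="0123456789abcdefghijklmnopqrstuvwxyz" 
	userpassword=Lcase(trim(Request.Form("userpassword"))) 
	for i=1 to len(userpassword) 
		u=mid(userpassword,i,1) 
		if Instr(letters,u)=0 then 
			response.write "<script>alert('登陆密码只能由字母、数字及下划线组成!');history.go(-1);</script>" 
			response.end 
		end if 
	next 
	if len(userpassword)<6 or len(userpassword)>20 then   
		response.write "<script>alert('密码必须为6至20位!');history.go(-1);</script>" 
		response.end 
	end if 

	set rs=server.createobject("adodb.recordset")
	SQL="Select * from [user] where id="&CLng(id)
	rs.open SQL,conn,1,3
	if rs.eof and rs.bof then
		rs.close
		set rs=nothing
		Response.Write "<script>alert('参数不正确，ID值不存在！');history.go(-1);</script>" 
		Response.End()
	end if
	rs("userpassword")=md5(request.form("userpassword"))
	rs.update 
	rs.close 
	set rs=nothing
	response.write "<script>alert('密码修改成功！');window.location.href='"&Dir&"User/?action=admin';</script>" 
end if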

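' Create an order row from the posted cart form when ?orders=add is requested.
'
' NOTE(review): rmb (order total) and xrmb (per-item price) are stored exactly
' as posted by the client. Recompute them server-side from the product table
' before trusting them for payment.
' NOTE(review): session("username") is written as the order owner without a
' check that it is non-empty; confirm that an include rejects anonymous requests.
if Request.QueryString("orders")="add" then
	num=Request.Form("num")
	xrmb=Request.Form("xrmb")
	cid=Request.Form("cid")
	title=Request.Form("title")
	' getTime and getStrRandNumber are defined outside this file.
	OrderNo=getTime&getStrRandNumber(1000,9999)

	' Required contact fields, checked in the order name, tel, address.
	If Request.Form("name") = "" Then
		response.Write("<script language=javascript>alert('姓名不能为空!');history.go(-1)</script>")
		response.End()
	End If
	If Request.Form("tel") = "" Then
		response.Write("<script language=javascript>alert('电话不能为空!');history.go(-1)</script>")
		response.End()
	End If
	If Request.Form("add") = "" Then
		response.Write("<script language=javascript>alert('地址不能为空!');history.go(-1)</script>")
		response.End()
	End If

	set rs=server.createobject("adodb.recordset")
	' "where 1=0" opens an empty, updatable recordset, so AddNew does not
	' first read every existing order.
	sql="select * from [orders] where 1=0"
	rs.open sql,conn,1,3
	rs.addnew
	rs("OrderNo")=OrderNo
	' ASP joins repeated form fields with ", "; they are stored "|"-separated.
	' A value that itself contains ", " would be split the same way.
	rs("title")=replace(title,", ","|")
	rs("cid")=replace(cid,", ","|")
	rs("xrmb")=replace(xrmb,", ","|")
	rs("number")=replace(num,", ","|")
	rs("rmb")=Request.Form("rmb")
	rs("userid")=session("username")
	' NOTE(review): qq is not read from the form in this handler; it only has
	' a value if the profile-update handler ran in the same request. Confirm
	' whether Request.Form("qq") was intended.
	rs("qq")=qq
	rs("name")=Request.Form("name")
	rs("tel")=Request.Form("tel")
	rs("address")=Request.Form("add")
	rs("sm")=Request.Form("content")
	rs.update
	rs.close
	set rs=nothing

	' Empty the cart cookie once the order is stored.
	Response.Cookies("productlist")=""
	response.write "<script>alert('恭喜您,您的订单编号："&OrderNo&"提交成功，请到订单列表付款！');window.location.href='"&Dir&"User/?action=orders';</script>" 
end if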

' Log the member out when loginOUT=ok is present in the request.
' Session.Abandon is deliberately not called here; only the two login keys
' are blanked, so any other session values survive the logout.
if request("loginOUT")="ok" then
	session("key")=""
	session("username")=""
	' Confirmation alert followed by an immediate meta refresh to the site home page.
	logoutHtml="<script language=""JavaScript"">alert(""您已安全退出会员中心！"");</script>"
	logoutHtml=logoutHtml&"<Meta http-equiv='refresh' content='0;URL=../index.asp'>"
	Response.Write logoutHtml
end if
%> 
